<?php
error_reporting(0);
class Security {
public static function getXssSafeParams($params){
  if (is_array($params)){
      foreach($params as $param){
      $param = self::getXssSafeParam($param);
    }
  }else {
    $params = self::getXssSafeParam($params);
  }
  return $params;
}

public static function getXssSafeParam($param){
   $param = self::RemoveXSS($param);
   return $param; 
}

/** 
 * @param string $val //如果是数组，可以遍历，递归遍历
 */
private static function RemoveXSS($val)  {
    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    // this prevents some character re-spacing such as <java\0script>
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
   $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);
   $val = addslashes($val);//防止unicode跨站脚本攻击     
    // straight replacements, the user should never need these since they're normal characters
    // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search.= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search.= '1234567890!@#$%^&*()';
    $search.= '~`";:?+/={}[]-_|\'\\';

    for ($i = 0; $i < strlen($search); $i++) {
      // ;? matches the ;, which is optional
      // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

      // &#x0040 @ search for the hex values
      $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
      // &# @ 0{0,7} matches '0' zero to seven times
      $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
    }

    // now the only remaining whitespace attacks are \t, \n, and \r
    $ra1 = array('alert','javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload', 'confirm', 'eval', 'document');
    $ra = array_merge($ra1, $ra2);

    $found = true; // keep replacing as long as the previous round replaced something
    while ($found == true) {
      $val_before = $val;
      for ($i = 0; $i < sizeof($ra); $i++) {
        $pattern = '/';
        for ($j = 0; $j < strlen($ra[$i]); $j++) {
          if ($j > 0) {
            $pattern .= '(';
            $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
            $pattern .= '|(&#0{0,8}([9][10][13]);?)?';
            $pattern .= ')?';
          }
          $pattern .= $ra[$i][$j];
        }
        $pattern .= '/i';
        $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
        $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
        if ($val_before == $val) {
          // no replacements were made, so exit the loop
          $found = false;
        }
      }
    }

    return $val;
  }
}
?>
<html>
<head>
  <title>电影频道杭州基地启动仪式邀请函</title>
  <link rel="shortcut icon" href="http://www.1905.com/favicon.ico" type="image/x-icon">
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <meta name="viewport" id="viewport" content="width=320, initial-scale=1, maximum-scale=1, user-scalable=no">
  <meta name="keywords" content="">
  <meta name="description" content="中国·杭州 2017.11.26诚邀您拨冗出席！">
  <meta name="renderer" content="webkit">
  <meta name="robots" content="index, follow">
  <meta name="format-detection" content="telephone=no">
  <!-- no cache -->
  <meta http-equiv="cache-control" content="max-age=0">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT">
  <meta http-equiv="pragma" content="no-cache">
  <link rel="stylesheet" href="./css/iconfonts.min.css">
  <link rel="stylesheet" href="./css/view-2d41bd2.min.css">
  <style type="text/css">@media screen{.smnoscreen {display:none}} @media print{.smnoprint{display:none}}</style>
  <style type="text/css">
    #guestName {
      font-size: ;
    }
    #guestGender {

    }
  </style>
  <script type="text/javascript">
    var __isServerRendered = true;
    var scene = {
    guestName:'<?php echo Security::getXssSafeParam($_GET['name']);?>',
    guestGender:'<?php echo Security::getXssSafeParam($_GET['gender']);?>',
    id:103114518,
    code:"NT3RUxKK",
    name: "电影频道杭州基地启动仪式邀请函",
    description: "中国·杭州 2017.11.26诚邀您拨冗出席！",
    pageMode:0,
    cover:"o_1buq9gs20hs31cc3146p1rmi1l4c5a.png?imageMogr2/auto-orient/crop/!242x242a0a20",
    bgAudio:{"url":"e3c17ada1aaa45b4a2b70bd16eda9662.mp3","name":"百石元 - クレープはいかが？.mp3","id":585198168},
    property: {"slideNumber":true,"boughtHideAd":true,"wxCount":0,"autoFlip":false,"adSpend":100,"eqAdType":0,"shareDes":"{}","hideEqAd":true,"forbidHandFlip":false,"triggerLoop":true,"wxClickFarmerCount":0,"autoFlipTime":3.0},
    createTime:1510559940000,
    publishTime:1510808414000,
    bizType:0,
    type:101,
    userId:"4a2d8aae4d230321014d237ef5e00654",
    userType: "2",
    memberType: "7",
    expiryTime: 1541588237000,
    isTemplate: 0,
    dsAppId: "",
    loadingLogo: ""
    };
  </script>
</head>
<body style="padding: 0px;">
  <div id="ppitest" style="width:1in;visible:hidden;padding:0px"></div>
  <div class="p-index main" id="con" style="">
    <div class="nr" id="nr" style="position: relative; width: 100%; height: 100%;">
      <div id="loading" class="loading" style="display: none;">
        <div class="loadbox">
          <div class="loadlogo"></div>
          <div class="loadbg"></div>
        </div>
        <div class="loading-tip"></div></div>
      <div class="bgm-btn rotate" data-event="11205" _tracker_click_="_tracker_click_" style="display: block;">
      </div>
    </div>
  </div>
  <img id="shareImage" src="./imgs/o_1buq9gs20hs31cc3146p1rmi1l4c5a.png" style="display: none;" _tracker_click_="_tracker_click_">
  <script src="./js/jquery.min.js"></script>
  <script type="text/javascript" src="./js/view-2d41bd2.min.js"></script>
  <div id="wapShareSet" class="wapShare" style="display:none"></div>
  <!-- <script src="./js/main.js"></script> -->
<script type="text/javascript">
function i(){var e=1,i=document.documentElement.clientWidth||320,n=document.documentElement.clientHeight||486;e=i/n>=320/486?n/486:i/320;var o="width=320, initial-scale="+e+", maximum-scale="+e+", user-scalable=no";document.getElementById("viewport").setAttribute("content",o)}
i();
$(document).on('click', '.rotate', function() {
  if($('audio')['0'].stop) {  
    $('audio')['0'].pause();
  }
  else {
    $('audio')['0'].start();
  }
});
</script>
</body>
</html>

